Description
ELSA-2025-23062: ruby:3.3 security update (MODERATE)
ruby [3.3.10-5]
- Upgrade to Ruby 3.3.10. Resolves: RHEL-106820
- Fix possible denial of service in resolv gem (CVE-2025-24294)
- Fix URI Credential Leakage Bypass previous fixes. (CVE-2025-61594)
- Fix REXML denial of service. (CVE-2025-58767) Resolves: RHEL-122012
rubygem-abrt rubygem-mysql2 rubygem-pg
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module ruby:3.3 is enabled
ruby 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-bundled-gems 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-default-gems 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-devel 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-doc 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-libs 3.3.10-5.module+el8.10.0+90720+35d8666a
rubygem-abrt 0.4.0-1.module+el8.10.0+90287+d51aa4ed
rubygem-abrt-doc 0.4.0-1.module+el8.10.0+90287+d51aa4ed
rubygem-bigdecimal 3.1.5-5.module+el8.10.0+90720+35d8666a
rubygem-bundler 2.5.22-5.module+el8.10.0+90720+35d8666a
rubygem-io-console 0.7.1-5.module+el8.10.0+90720+35d8666a
rubygem-irb 1.13.1-5.module+el8.10.0+90720+35d8666a
rubygem-json 2.7.2-5.module+el8.10.0+90720+35d8666a
rubygem-minitest 5.20.0-5.module+el8.10.0+90720+35d8666a
rubygem-mysql2 0.5.5-1.module+el8.10.0+90287+d51aa4ed
rubygem-mysql2-doc 0.5.5-1.module+el8.10.0+90287+d51aa4ed
rubygem-pg 1.5.4-1.module+el8.10.0+90287+d51aa4ed
rubygem-pg-doc 1.5.4-1.module+el8.10.0+90287+d51aa4ed
rubygem-power_assert 2.0.3-5.module+el8.10.0+90720+35d8666a
rubygem-psych 5.1.2-5.module+el8.10.0+90720+35d8666a
rubygem-racc 1.7.3-5.module+el8.10.0+90720+35d8666a
rubygem-rake 13.1.0-5.module+el8.10.0+90720+35d8666a
rubygem-rbs 3.4.0-5.module+el8.10.0+90720+35d8666a
rubygem-rdoc 6.6.3.1-5.module+el8.10.0+90720+35d8666a
rubygem-rexml 3.4.4-5.module+el8.10.0+90720+35d8666a
rubygem-rss 0.3.1-5.module+el8.10.0+90720+35d8666a
rubygem-test-unit 3.6.1-5.module+el8.10.0+90720+35d8666a
rubygem-typeprof 0.21.9-5.module+el8.10.0+90720+35d8666a
rubygems 3.5.22-5.module+el8.10.0+90720+35d8666a
rubygems-devel 3.5.22-5.module+el8.10.0+90720+35d8666a
Oracle Linux x86_64
Module ruby:3.3 is enabled
ruby 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-bundled-gems 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-default-gems 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-devel 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-doc 3.3.10-5.module+el8.10.0+90720+35d8666a
ruby-libs 3.3.10-5.module+el8.10.0+90720+35d8666a
rubygem-abrt 0.4.0-1.module+el8.10.0+90287+d51aa4ed
rubygem-abrt-doc 0.4.0-1.module+el8.10.0+90287+d51aa4ed
rubygem-bigdecimal 3.1.5-5.module+el8.10.0+90720+35d8666a
rubygem-bundler 2.5.22-5.module+el8.10.0+90720+35d8666a
rubygem-io-console 0.7.1-5.module+el8.10.0+90720+35d8666a
rubygem-irb 1.13.1-5.module+el8.10.0+90720+35d8666a
rubygem-json 2.7.2-5.module+el8.10.0+90720+35d8666a
rubygem-minitest 5.20.0-5.module+el8.10.0+90720+35d8666a
rubygem-mysql2 0.5.5-1.module+el8.10.0+90287+d51aa4ed
rubygem-mysql2-doc 0.5.5-1.module+el8.10.0+90287+d51aa4ed
rubygem-pg 1.5.4-1.module+el8.10.0+90287+d51aa4ed
rubygem-pg-doc 1.5.4-1.module+el8.10.0+90287+d51aa4ed
rubygem-power_assert 2.0.3-5.module+el8.10.0+90720+35d8666a
rubygem-psych 5.1.2-5.module+el8.10.0+90720+35d8666a
rubygem-racc 1.7.3-5.module+el8.10.0+90720+35d8666a
rubygem-rake 13.1.0-5.module+el8.10.0+90720+35d8666a
rubygem-rbs 3.4.0-5.module+el8.10.0+90720+35d8666a
rubygem-rdoc 6.6.3.1-5.module+el8.10.0+90720+35d8666a
rubygem-rexml 3.4.4-5.module+el8.10.0+90720+35d8666a
rubygem-rss 0.3.1-5.module+el8.10.0+90720+35d8666a
rubygem-test-unit 3.6.1-5.module+el8.10.0+90720+35d8666a
rubygem-typeprof 0.21.9-5.module+el8.10.0+90720+35d8666a
rubygems 3.5.22-5.module+el8.10.0+90720+35d8666a
rubygems-devel 3.5.22-5.module+el8.10.0+90720+35d8666a
Related CVEs
Related vulnerabilities
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
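The length check this paragraph describes, as an added Ruby example (not the resolv gem's code or the actual patch): a DNS name decoder that follows compression pointers but caps the expanded name at the 255 octets RFC 1035 allows. The names `decode_name`, `DnsNameError`, `label` and the sample messages are constructed for illustration.

```ruby
# Added illustration, not the resolv gem's code: names here are hypothetical.
MAX_NAME_OCTETS = 255 # RFC 1035 cap on an encoded domain name

class DnsNameError < StandardError; end

# Decode the domain name starting at +offset+ in the raw DNS message +msg+.
# Compression pointers are followed, but the expanded length is capped.
def decode_name(msg, offset)
  msg = msg.b
  labels = []
  total = 1        # the terminating root label occupies one octet
  seen = {}        # pointer targets already followed
  pos = offset
  loop do
    raise DnsNameError, "truncated name" if pos >= msg.bytesize
    len = msg.getbyte(pos)
    case len & 0xC0
    when 0xC0      # compression pointer: 14-bit offset into the message
      raise DnsNameError, "truncated pointer" if pos + 1 >= msg.bytesize
      target = ((len & 0x3F) << 8) | msg.getbyte(pos + 1)
      raise DnsNameError, "pointer loop" if seen[target]
      seen[target] = true
      pos = target
    when 0x00      # ordinary label of 0..63 octets
      return labels.join(".") if len.zero?
      raise DnsNameError, "truncated label" if pos + 1 + len > msg.bytesize
      total += len + 1
      raise DnsNameError, "name exceeds #{MAX_NAME_OCTETS} octets" if total > MAX_NAME_OCTETS
      labels << msg.byteslice(pos + 1, len)
      pos += 1 + len
    else
      raise DnsNameError, "reserved label type"
    end
  end
end

# Constructed sample messages (12 zero octets stand in for the DNS header).
def label(text)
  [text.bytesize].pack("C") + text.b
end

HEADER = "\x00".b * 12
# "example.com" at offset 12, then "www" + pointer to offset 12 at offset 25.
SAMPLE_OK = HEADER + label("example") + label("com") + "\x00".b + label("www") + [0xC0, 12].pack("CC")
# A legal 193-octet name at offset 12; the name at offset 205 expands to 257.
SAMPLE_LONG = HEADER + label("a" * 63) * 3 + "\x00".b + label("b" * 63) + [0xC0, 12].pack("CC")

puts decode_name(SAMPLE_OK, 25)
```

The cap is applied to the running expanded length while decoding, so an over-long name is rejected before the full result is assembled.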